Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Configure ISA 2000 to allow FTP

Posted on 2005-05-17
5
Medium Priority
?
629 Views
Last Modified: 2013-11-16
I've installed SBS2003 Premium and enabled ISA 2000 to act as my firewall. I'm trying to access our external web hosts FTP site from my client machine on the LAN (Windows XP SP2). I'm using Dreamweaver MX 2004 to do this. The Windows Firewall is also active on all clients and I've added a local exception on my machine for Dreamweaver.

On the ISA Server it appears that Protocol Definition for FTP is:

FTP   FTP Protocol   Application Filter   21   TCP   Outbound
FTP Download Only   FTP Download only Protocol   Application Filter   21   TCP   Outbound
FTP Server   FTP Server protocol   Application Filter   21   TCP   Inbound

The problem I have is that I wish to use Dreamweaver to access my remote site using FTP. I've configured Dreamweaver as so:

Access: FTP
FTP Host: domain.co.uk (actual domain hidden)
Login: loginName (obviously not the Username)
Password: PasswordHere (obviously not the password)

I've tried enabling/disabling Passive FTP
Also tried enabling/disabling Use Firewall (with my Proxy settings set to SBSSERV:8080 with Firewall Port 21)

Nothing appears to work. When I enable the Use Firewall option and click Test Dreamweaver attempts to connect, I get a progress bar and it says Connecting to..., followed by Waiting for Server and then I get the following error:

An FTP error occured - cannot make connection to host
The remote host cannot be found

Any ideas?
0
Comment
Question by:Steven O'Neill
  • 2
  • 2
5 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 14032210
You need to open the control channel also - port 20.

Are you using the built-in FTP filter or Protocol Definition?
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 2000 total points
ID: 14032288
Actually, 21 is the control channel, 20 is the back connection from the server to send the data.  If you're attempting to use PASV then the client will make the request for the secondary channel rather than the server.

Make sure the FTP protocol - Application Filter is enabled and hasn't been changed.

If this ISA is behind a primary edge-firewall (like a PIX) or you have your router setup to block things, you may also need to create an Access Control list to allow the FTP server inbound port 20 to your server - just another thought.




0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 14034596
Have you tried connecting by using the IP address instead?  I know it sounds screwey, but give that a try and see if you can connect.

Jeff
TechSoEasy
0
 
LVL 2

Author Comment

by:Steven O'Neill
ID: 14035177
Thanx for the responses. The ISA server sits behind an Intelligent Gateway 1800 (BT Office Broadband box) which has it's own built in firewall. I've set this up to allow FTP thru it to the WAN NIC on my SBS Server but may not have done this completely (need to check settings again).

I haven't altered the protocols for FTP that ISA Sets up. I'll check them all and let you know.

I haven't tried connecting via the IP only. I'll also try this and get back to you.
0
 
LVL 2

Author Comment

by:Steven O'Neill
ID: 14044095
Okay I've tried all the solutions offered and managed to find this doc:

http://www.microsoft.com/technet/prodtechnol/isa/2000/maintain/isaftpci.mspx

This has worked out and allows me to do what I want. So Netman66 gets the points for being in the right direction (not the exact solution but pointed me the right way).

Thanx
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month20 days, 15 hours left to enroll

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question